'Tis the nature of arms races. My grandchildren will be playing this game long after I'm buried in a box.

I think the next step for any CAPTCHA is to add some additional noise into the equation along with some dynamic firewalling, and that's my plan for my own implementation. The policy will be simply "bounce off of the defense x times in y seconds and you're firewalled away for z seconds". That'll work for a while, then it'll be time for a radical rethink. Again.